Montana became the third state to regulate neural data as an amendment to the state’s genetic privacy law took effect Wednesday, adding to a trend of states overseeing the neurotechnology space (see 2508180034). On the same day, amendments to Montana’s comprehensive privacy law took effect, expanding its scope and introducing more protections for children.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.

The Trump administration’s creation of large government databases consolidating the sensitive personal information of millions of Americans in an attempt to purge voter rolls is unlawful, according to a class-action lawsuit filed Tuesday by the Electronic Privacy Information Center (EPIC), League of Women Voters and others.

Sendit violated COPPA by illegally collecting children’s data and deceived users with messages from fake people, the FTC announced Tuesday in a lawsuit against the Los Angeles-based anonymous messaging app.

The California Privacy Protection Agency assessed its largest-ever penalty, ordering Tractor Supply Co. to pay a $1.35 million fine and change its business practices, the CPPA said Tuesday. The company told Privacy Daily that it’s committed to compliance and addressed the privacy issues raised.

When carrying out enforcement actions, regulators are looking for companies to be upfront about incidents and willing to work with them to solve issues, said state and federal regulators during a panel at a Practising Law Institute (PLI) cybersecurity conference Monday.

Uncommon and broadly applicable data minimization requirements in the Maryland Online Data Privacy Act (MODPA) could pose major compliance challenges for companies when the law takes effect Wednesday, privacy attorneys representing businesses said in interviews. Some advertisers could opt out of the Maryland market rather than comply with the state's comprehensive privacy law, said David LeDuc, Network Advertising Initiative (NAI) public policy vice president.

California Assemblymember Rebecca Bauer-Kahan (D) and consumer advocates on Friday said they’re optimistic Gov. Gavin Newsom (D) will sign child online safety legislation after his remarks this week about regulating AI technology.

The Irish Data Protection Commission (DPC) said Friday it identified the two companies and dataset at the heart of a scandal involving the sale of smartphone location data and is investigating. The Irish Council for Civil Liberties (ICCL) accused the DPA of failing to act on its earlier whistleblowing complaint.

The California Privacy Protection Agency’s head enforcer heralded “a new era of privacy enforcement,” in an update during the CPPA Board’s Friday meeting. The agency has “hundreds” of investigations open, and in most cases the targeted businesses don’t know about them yet, said Michael Macko, deputy director of enforcement. “We haven't surfaced yet."